PropProofs Privacy Policy

1. Information We Collect

For the purpose of this policy, Personal Data means any information relating to an identified or identifiable natural person, such as name, email address, physical address, and your unique account identifier (Firebase UID).

We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.

A. Information You Provide to Us

• Account & Profile Information: When you create an account, we collect your name, email address, and password (managed via Firebase Authentication).
• Contractor & Organization Details: If you register as a contractor, we collect your company name, business address, contact information, and professional license numbers.
• Property Information: To create records, you must provide property details, including street address, city, state, and postal code, which we link to a canonical Google Place ID.
• Proof Data: This is the core of our service. When you create a Proof Record, you provide a title, description, proof type, and associated files (such as photos, PDFs, or other documents).
• Payment Information: For subscription services, payment details are collected and processed securely by our payment processor, Stripe.
• Communications: If you contact us for support or provide feedback, we collect the contents of those communications.

B. Information Collected Automatically

• Log and Usage Data: We log technical data when you use our Service, including your IP address, browser type, operating system, and pages visited. This helps us with troubleshooting and security monitoring.
• Cookies and Similar Technologies: We use cookies (small text files stored on your device) for essential functions like keeping you logged in (session cookies) and for analytics to understand how our Service is used. We do not use third-party advertising cookies.

C. Information from Third Parties

• Invitations: If a contractor or project manager invites you to join a project, we receive your email address from them to facilitate the invitation.

2. How We Use Your Information

Our legal basis for processing your data under GDPR includes the necessity to perform our contract with you (the Terms of Service), our legitimate interest in operating and securing our Service, and your consent where applicable. We use your information to:

• Operate and Maintain the Service: Manage user accounts, create and verify Proof Records, and enforce permissions.
• Process Transactions: Manage subscriptions, billing, and receipts via Stripe.
• Secure the Platform: Monitor for and prevent fraud, unauthorized access, and malicious activity.
• Communicate with You: Send essential service updates, security alerts, verification links, and support responses. You may opt-out of non-essential communications.
• Improve the Service: Analyze aggregated and anonymized usage data to fix bugs and enhance features.
• Comply with Legal Obligations: Maintain immutable records for compliance, audits, and dispute resolution as detailed in our Terms of Service.

3. How We Share and Disclose Information

We share information only in the limited circumstances described below.

A. With Service Providers (Sub-processors)

We use trusted third-party vendors to help us operate the Service. These providers are contractually obligated to protect your data and use it only for the purposes we authorize.

• Google Cloud Platform & Firebase: For application hosting, database management, user authentication, and analytics.
• Stripe, Inc.: For secure payment processing.
• Resend: For transactional email delivery (e.g., password resets, invitations).

B. Within the PropProofs Service

• Project Collaboration: When you participate in a project, other authorized users on that project (e.g., homeowners, contractors) can view Proof Records and comments relevant to that project.
• Public Property Lookup: Our public lookup feature at [`/property-lookup`](/property-lookup) allows anyone to search for a property by address. This public view only displays committed Proof Records and associated non-personal data, such as the proof title, completion date, and contractor name. It does not expose your private account information, comments, or uncommitted proofs.

C. For Legal and Compliance Reasons

We may disclose data if required by law, subpoena, or court order, or to protect our rights and property in accordance with our Terms of Service.

4. Data Retention, Security, and Your Rights

A. Data Retention & The Immutable Ledger

Our service is built on the principle of creating a permanent, verifiable history. Therefore:

• Proof Records (Metadata & Hashes): The record metadata and their cryptographic hashes are retained **indefinitely**. This is a core feature required to maintain the integrity and auditability of the immutable ledger.
• Associated Proof Files (GCS Storage): The original files (images, PDFs) linked to a committed Proof Record are also retained in secure storage (Google Cloud Storage) indefinitely to maintain the integrity of the evidence. **While the hash is permanent, upon formal account deletion, we can fulfill soft deletion requests for the original file content; however, PropProofs reserves the right to retain copies necessary for legal, audit, or regulatory compliance.**
• Account Information is retained as long as your account is active. Upon account deletion, we remove directly identifiable information (like your name and email from your user profile) from our active databases.

B. Security

We implement robust technical and organizational safeguards to protect your data, including end-to-end encryption for data in transit, encryption at rest, role-based access controls, and regular security audits.

C. Your Rights and Choices (GDPR & CCPA)

Depending on your jurisdiction, you have rights over your personal data:

• Access & Portability: You can request a copy of your personal data.
• Correction: You can correct inaccurate data in your Account Settings.
• Deletion (“Right to be Forgotten”): You can request the deletion of your account. We will fulfill this by deleting your account data and pseudonymizing any personal information within committed Proof Records to the extent technically feasible. However, due to the immutable nature of the blockchain, we cannot delete the cryptographic hash or the core record structure itself.
• Opt-Out: You can opt-out of marketing communications. You cannot opt-out of essential service communications (e.g., security alerts).

To exercise these rights, please contact us at privacy@propproofs.com.

5. Additional Information

A. Children’s Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal information from minors.

B. International Data Transfers

Your data is processed and stored in the United States. We ensure all data transfers comply with applicable privacy laws, using safeguards like Standard Contractual Clauses for data from the EU.

C. Changes to This Policy

We may update this policy. Significant changes will be communicated via email or an in-app notification.